LinkedIn has been sued over alleged scanning of users’ browsers to identify installed extensions. According to Ars Technica, two separate class action complaints were filed on Monday in the US District Court for the Northern District of California by different law firms on behalf of different plaintiffs.
The case stems from a report by Fairlinked, a German advocacy group representing commercial LinkedIn users. The group said a few days earlier that LinkedIn was allegedly scanning browsers illegally to detect installed extensions, including some that compete with LinkedIn’s own services.
Fairlinked said that every time someone visits linkedin.com, a JavaScript program in the page silently checks the browser for installed Chrome extensions. The group alleged the process happens without any visible notice, consent request, or explanation to users, and that the results are sent back to LinkedIn’s servers. Fairlinked described the practice as “BrowserGate” and called it one of the largest corporate espionage and data breach scandals in digital history.
Experts quoted in the reporting said this kind of information can reveal sensitive personal or corporate details, especially when it is tied to LinkedIn profiles. That is part of why the allegations have drawn attention beyond ordinary privacy concerns.
LinkedIn, which is owned by Microsoft, acknowledges scanning users’ browsers for extensions but says the purpose is to detect people who violate its terms of use. A spokesperson said the accusations are “plain wrong” and argued that the person behind the claims had already been restricted for scraping and other violations of LinkedIn’s Terms of Service.
Attorney J.R. Howell, who filed one of the complaints, told Ars Technica that a reasonable user would not consent to broad browser surveillance or third-party data exploitation through vague references to security, cookies, add-ons, or abuse prevention. He said the case is really about whether users were clearly informed that LinkedIn would allegedly inspect their browsers secretly, extract session-linked data, and share it with undisclosed third parties for more than a one-time compliance check.